Apparatus, authentication process method, and computer program product

ABSTRACT

An apparatus includes: a first unit configured to provide a given function; and a second unit configured to be connected to the first unit. The second unit includes: an acquisition unit configured to acquire authentication information from an authentication medium; an authentication unit configured to use the acquired authentication information to perform a user authentication process that enables the use of the function of the first unit; and a first power management unit configured to, when the first unit transitions to an energy-saving mode in which power consumption is reduced by stopping power supply to a given hardware resource, cause the second unit to transition to the energy-saving mode while the acquisition unit is kept in a driven state and, on the user authentication process, recover the second unit from the energy-saving mode such that the authentication unit performs the user authentication process.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims priority under 35 U.S.C. §119 to JapanesePatent Application No. 2015-160690 filed on Aug. 17, 2015 and JapanesePatent Application No. 2016-107427 filed on May 30, 2016. The contentsof which are incorporated herein by reference in their entirety.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an apparatus, an authentication processmethod, and a computer program product.

2. Description of the Related Art

Recently, image forming apparatuses, such as a multifunction peripheral(MFP) having various functions including including a copy function, ascanner function, a facsimile function and a printer function, a laserprinter, or an apparatus (for example, a scanner device, a facsimiledevice, etc.,) having one of the above-listed various functions areknown. A card reader device is connectable to the apparatus main unit ofan image forming apparatus. In an energy-saving mode that reduces powerconsumption of the apparatus main unit, when an integrated circuit (IC)card is moved closer to the card reader device that is connected to theapparatus main unit, a contactless wireless communication is performedand the apparatus main unit recovers from the energy-saving mode. Then,on the basis of the data that is read from the IC card, the apparatusmain unit performs a user authentication process and, when the user isauthenticated as an authorized user, the function of the image formingapparatus becomes usable.

When a non-operation state continues for a given time after transitionto an energy-saving mode, a conventional image forming apparatustransitions to an engine-off mode that further reduces powerconsumption. In the engine-off mode, power supply to the card readerdevice from the apparatus main unit stops. For this reason, there is aproblem in that, even when an IC card is moved closer to the card readerdevice, contactless wireless communications cannot be performed and theapparatus main unit cannot be recovered from the engine-off mode, whichmakes it difficult to perform user authentication.

In this case, a power button is operated to recover the conduction stateof the apparatus main unit and the IC card is moved closer to the cardreader device to perform user authentication. The conventional imageforming apparatus is provided with a setting for inhibiting transitionto the engine-off mode. When a setting for inhibiting transition to theengine-off mode is made, however, the time of conduction throughresources, such as the HDD of the apparatus main unit, the plotter, andthe engine of the scanner, increases and therefore there is a risk thatthe life of the resources will shorten.

Furthermore, user authentication is performed by using a local addressbook of the apparatus main unit or an authentication server device thatis connected to the apparatus main unit via a network. For this reason,to perform user authentication in the energy-saving mode, the apparatusmain unit is started and the apparatus main unit refers to the localaddress book stored in the hard disk drive (HDD), or communicates withthe authentication server device on the network, to perform userauthentication. For this reason, the apparatus main unit is started eachtime user authentication is performed and therefore there is a risk thatthe life of the resources will shorten.

SUMMARY OF THE INVENTION

Exemplary embodiments of the present invention, there is provided anapparatus comprising: a first unit configured to provide a givenfunction; and a second unit configured to be connected to the firstunit, the second unit including: an acquisition unit configured toacquire authentication information from an authentication medium; anauthentication unit configured to use the acquired authenticationinformation to perform a user authentication process that enables theuse of the function of the first unit; and a first power management unitconfigured to, when the first unit transitions to an energy-saving modein which power consumption is reduced by stopping power supply to agiven hardware resource, cause the second unit to transition to theenergy-saving mode while the acquisition unit is kept in a driven stateand, on the user authentication process, recover the second unit fromthe energy-saving mode such that the authentication unit performs theuser authentication process.

Exemplary embodiments of the present invention also provide anauthentication process method performed by an authentication systemincluding a first unit that provides a given function and a second unitthat is connected to the first unit, the authentication process methodcomprising: acquiring authentication information from an authenticationmedium, the acquiring performed by an acquisition unit of the secondunit; using the acquired authentication information to perform a userauthentication process that enables the use of the function of the firstunit, the using performed by an authentication unit of the second unit;and when the first unit transitions to an energy-saving mode in whichpower consumption is reduced by stopping power supply to a givenhardware resource, causing the second unit to transition to theenergy-saving mode while the acquisition unit is kept in a driven stateand, on the user authentication process, recovering the second unit fromthe energy-saving mode such that the authentication unit performs theuser authentication process, the causing and the recovering performed bya first power management unit of the second unit.

Exemplary embodiments of the present invention also provide a computerprogram product containing an authentication process program executed byan authentication system including a first unit that provides a givenfunction and a second unit that is connected to the first unit, theprogram causes a computer of the second unit to execute; acquiringauthentication information from an authentication medium, the acquiringperformed by an acquisition unit of the second unit; using the acquiredauthentication information to perform a user authentication process thatenables the use of the function of the first unit, the using performedby an authentication unit of the second unit; and when the first unittransitions to an energy-saving mode in which power consumption isreduced by stopping power supply to a given hardware resource, causingthe second unit to transition to the energy-saving mode while theacquisition unit is kept in a driven state and, on the userauthentication process, recovering the second unit from theenergy-saving mode such that the authentication unit performs the userauthentication process, the causing and the recovering performed by afirst power management unit of the second unit.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a hardware configuration diagram of a MFP of a firstembodiment of the present invention;

FIG. 2 is a software configuration diagram of the MFP of the firstembodiment;

FIG. 3 is a functional block diagram of a main unit and an operationunit of the MFP of the first embodiment;

FIG. 4 is a diagram illustrating a card ID that is stored in an IC cardthat is used in the MFP of the first embodiment;

FIG. 5 is a flowchart showing the flow of a user authentication processperformed by the MFP of the first embodiment;

FIG. 6 is a diagram illustrating each operating mode of the MFP of thefirst embodiment;

FIG. 7 is a flowchart of an operation for transition to an energy-savingmode in the MFP of the first embodiment;

FIG. 8 is a flowchart of an operation for recovery from theenergy-saving mode in the MFP of the first embodiment;

FIG. 9 is a hardware configuration diagram of an authentication systemof a second embodiment of the present invention;

FIG. 10 is a functional block diagram of the authentication system ofthe second embodiment; and

FIG. 11 is a system configuration diagram of an authentication system ofa third embodiment of the present invention.

The accompanying drawings are intended to depict exemplary embodimentsof the present invention and should not be interpreted to limit thescope thereof. Identical or similar reference numerals designateidentical or similar components throughout the various drawings.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the presentinvention.

As used herein, the singular forms “a”, “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise.

In describing preferred embodiments illustrated in the drawings,specific terminology may be employed for the sake of clarity. However,the disclosure of this patent specification is not intended to belimited to the specific terminology so selected, and it is to beunderstood that each specific element includes all technical equivalentsthat have the same function, operate in a similar manner, and achieve asimilar result.

With reference to the accompanying drawings, a multifunction peripheralor an authentication system of an embodiment to which the presentinvention is applied will be described in detail below.

First Embodiment

FIG. 1 is a hardware configuration diagram of a multifunction peripheral(MFP) 1 of a first embodiment of the present invention. The MFP 1 is anexemplary apparatus and the authentication system. The MFP 1 includes,as shown in FIG. 1, for example, a main unit 10 having various functionsincluding a copy function, a scanner function, a facsimile function, anda printer function, and an operation unit 20 that accepts inputscorresponding to user operations. The main unit 10 is an exemplary firstunit and the operation unit 20 is an exemplary second unit.

The main unit 10 and the operation unit 20 are communicably connected toeach other via a dedicated communication path 30. As the communicationpath 30, for example, one according to the USB (universal serial bus)standard may be used; however, the communication path 30 may accord toany standard. The main unit 10 may have one or multiple functions ofimage generation functions including the copy function, the scannerfunction, the facsimile function, and the printer function.

An electronic device capable of performing information processing thatcompletes independently can be used as the operation unit 20. Forexample, an information processing terminal, such as a smartphone or atablet terminal, can be used as the operation unit 20. In this case, theinformation processing terminal that is used as the operation unit 20functions as an operation unit of the MFP 1.

More specifically, instead of an operation panel that is fixed and setconventionally as an operation unit dedicated to the MFP 1, theinformation processing terminal that is used as the operation unit 20 isdetachably connected to the MFP 1. In other words, the informationprocessing terminal that is used as the operation unit 20 is setdetachably (separably) in a given position, such as one in which theoperation panel of the MFP 1 is disposed, but is set integrally with theMFP 1. Accordingly, the information processing terminal that is used asthe operation unit 20 and the MFP 1 may be regarded as a singleapparatus. Once detached from the MFP 1, the information processingterminal serving as the operation unit 20 performs wirelesscommunications, such as Bluetooth communications or infraredcommunications, with the MFP 1 and functions as the operation unit ofthe MFP 1.

The main unit 10 performs operations according to inputs accepted by theoperation unit 20. The main unit 10 is communicable with an externaldevice, such as a client PC (personal computer), and performs operationsaccording to instructions received from an external device.

Hardware Configuration of Main Unit

The hardware configuration of the main unit 10 will be described here.As shown in FIG. 1, the main unit 10 includes a CPU 11, a ROM 12, a RAM13, and a hard disk drive (HDD) 14. The main unit 10 includes acommunication interface (I/F) 15, a connection I/F 16, an engine 17, anda facsimile modem (FAX modem) 19. The components of the main unit 10 areconnected with one another via a system bus 18.

The CPU 11 controls overall operations of the main unit 10. The CPU 11uses the RAM 13 as a work area and executes a program that is stored inthe ROM 12 or the HDD 14 to control overall operations of the main unit10 and implement various functions including the copy function, thescanner function, the facsimile function, and the printer function thatare listed above.

The communication I/F 15 is an interface for communicating with theexternal device, such as a client PC (personal computer), a Web serverdevice, or an authentication server device, on a network 40. Theconnection I/F 16 is an interface for communicating with the operationunit 20 via the communication path 30. FIGS. 1 and 2 illustrate thecommunication path 30 as a wire path; however, as described above, theoperation unit 20 is attachable to and detachable from the main unit 10of the MFP 1. For this reason, when the operation unit 20 is attached tothe MFP 1, the communication path 30 functions as a wire communicationpath and, when the operation unit 20 is detached from the MFP 1, thecommunication path 30 functions as a wireless communication path.

The engine 17 is hardware that performs processing, excludinggeneral-purpose information processing and communications, forimplementing the copy function, the scanner function, the facsimilefunction, and the printer function, etc. The engine 17 includes, forexample, a scanner that scans an image of an original, a plotter thatperforms printing on a sheet material, such as paper, and a facsimilecommunication unit that performs facsimile communications. Furthermore,the engine 17 may include a specific option, such as a finisher thatsorts printed sheet materials or an auto document feeder (ADF) thatautomatically feeds originals.

The HDD 14 is provided with storage areas respectively for, for example,an address book, login success history information, and operating modeinformation. In the storage area for an address book, master informationthat is generated by associating user identification information (userID) on a user who is permitted to use the MFP 1 and the card ID andpassword of an IC card that is lent (issued) to the user is stored withrespect to each user.

In the storage area for the login success history, the date at whichoperating the MFP 1 was permitted according to a login operation, thecard ID of an IC card that is used for the login operation, and the userID of a user corresponding to the card ID are stored in association withone another. The master information, etc., may be stored in a storagemedium, such as an SD card (trademark) or a universal serial bus (USB)memory.

In the storage area for the operating mode information, is storedoperating mode information representing an operating mode, such as a“login performance prioritized mode” or a “main unit energy-savingprioritized mode” to be described below, to which the main unit 10 andthe operation unit 20 are caused to transition on transition toenergy-saving modes.

User authentication using an IC card is exemplified here; however,various information terminals, such as a smartphone and a mobile phone,having a function used for user authentication (or in which anapplication is installed) may be used as the authentication device toimplement the same function as that implemented with an IC card. Thefirst embodiment will be described as one in which an “IC card” is usedfor user authentication; however, any storage medium may be used if thestorage medium is capable of storing user information. For this reason,the storage medium is not limited to an IC card or an ID card.

Hardware Configuration of Operation Unit

The hardware configuration of the operation unit 20 will be describedhere. As shown in FIG. 1, the operation unit 20 includes a CPU 21, a ROM22, a RAM 23, a flash memory 24, a communication I/F 25, a connectionI/F 26, an operation panel 27, and an IC card I/F 29 that are connectedwith one another via a system bus 28.

The CPU 21 controls overall operations of the operation unit 20. The CPU21 uses the RAM 23 as a work area and executes a program that is storedin, for example, the ROM 22 to control entire operations of theoperation unit 20. As described below, the CPU 21 executes the userauthentication program that is stored in, for example, the ROM 22 toimplement a user authentication operation, which will be describedbelow. The communication I/F 25 is an interface for communicating withthe authentication server device on the network 40. The connection I/F26 is an interface for communicating with the main unit 10 via thecommunication path 30.

The IC card I/F 29 is connected to a card reader 6 that is an exemplaryacquisition unit via, for example, a USB cable. The card reader 6performs contactless wireless communications with an IC card 5 that isheld against the card reader 6 by the user when an operation for loggingin the MFP 1 is performed and reads the authentication informationincluding the card ID and the user information that is stored in the ICcard 5. As the card reader 6, any card reader may be used as long as thecard reader is capable of reading user information from a storagemedium, such as an IC card or an ID card.

The exemplary first embodiment will be described as an embodiment wherethe card reader 6 and the operation unit 20 that are physicallydifferent from each other are connected via a USB cable of the firstembodiment; however, the card reader 6 may be incorporated in theoperation unit 20. In other words, the operation unit 20 and the cardreader 6 may be formed integrally (may be formed as a single device).

In the RAM 23 (or another storage unit, such as the flash memory 24),for example, a storage area for the address book, a storage area for alogin-success history, a storage area for a prioritized user list, and astorage area for operating modes are provided. In the storage area forthe address book in the RAM 23, master information of the address bookthat is acquired from, for example, the HDD 14 of the main unit 10 isstored. The master information that is acquired from the main unit 10may be stored in a storage medium, such as an SD card (trademark) or aUSB memory. In the storage area in the RAM 23 for the login successhistory, the login success history that is acquired from, for example,the HDD 14 of the main unit 10 is stored.

Furthermore, for example, in the storage area in the RAM 23 for theprioritized user list corresponding to the login success history, givennumber of sets of login success history information each containing auser ID, a card ID, and a login date among the login success historythat is acquired from the HDD 14 is stored according to the descendingorder of login dates. The prioritized user list is a list representingusers subjected to user authentication.

The prioritized users are users corresponding to the login successhistory that is acquired from, for example, the HDD 14 of the main unit10. In other words, as described below, the MFP 1 of the firstembodiment acquires a new login success history of a given number ofusers among the login success history that is stored in the main unit10. Each of the users corresponding to the login success history of thegiven number of users completes user authentication by only holding theIC card 5 against the card reader 6 and accordingly the functions of theMFP 1 becomes usable. In this manner, the functions of the MFP 1 areusable preferentially by the users corresponding to the login successhistory acquired from the main unit 10 and the users will be referred toas “prioritized users” in the MFP 1 of the first embodiment.

In the storage area for operating modes, is stored operating modeinformation representing operating modes, such as an “engine lifeprioritized mode” to be described below, to which the main unit 10 andthe operation unit 20 are recovered upon recovery from the energy-savingmode.

When the card ID that is read from the IC card 5 in the login operationis registered in the prioritized user list, the CPU 21 of the operationunit 20 authenticates the user as an authorized user and permits the useof the functions of the MFP 1 according to the authority of the user.Accordingly, it is possible to complete user authentication in fewseconds after the IC card 5 is held against the card reader 6 in thelogin operation and allow the use of the MFP 1.

The operation panel 27 is configured of a liquid crystal display (LCD)including a touch sensor. The operation panel 27 accepts various inputscorresponding to user operations and displays various types ofinformation, such as information corresponding to the accepted inputs,information representing the operating condition of the MFP 1, andinformation representing a setting state. The operation panel 27 may beconfigured of an organic EL display including a touch sensor. Inaddition to, or instead of, the organic EL display, an operation unit,such as hardware keys, or a display unit, such as a light emitter, maybe provided.

Software Configuration of MFP

FIG. 2 shows an exemplary software configuration of the MFP 1. As shownin FIG. 2, the main unit 10 includes an application layer 101, a servicelayer 102, and an OS layer 103. The entity of the application layer 101,the service layer 102, and the OS layer 103 is various types of softwarethat is stored in, for example, the ROM 12 or the HDD 14. The CPU 11executes the various types of software to provide various functions.

The software of the application layer 101 is application software(hereinafter, it may be referred simply as “applications”) for causinghardware resources to operate to provide given functions. Asapplications, for example, there are a copy application for providingthe copy function, a scanner application for providing the scannerfunction, a facsimile application for providing a facsimile function,and a printer application for providing the printer function.

The software of the service layer 102 is between the application layer101 and the OS layer 103. The software of the service layer 102 issoftware that provides an interface for using the hardware resources ofthe main unit 10 to the applications. Specifically, it is software forproviding a function for accepting operation requests to hardwareresources and adjusting the operation requests. The operation requestsaccepted by the service layer 102 are, for example, a request forreading by the scanner and a request for printing by the plotter.

The interface function provided by the service layer 102 is provided notonly to the application layer 101 of the main unit 10 but also to anapplication layer 201 of the operation unit 20. In other words, theapplication layer 201 (application) of the operation unit 20 is alsoable to implement the functions using the hardware resources (forexample, the engine 17) of the main unit 10 via the interface functionof the service layer 102.

The software of the OS layer 103 is basic software (an operating system)for providing basic functions for controlling the hardware of the mainunit 10. The software of the service layer 102 converts requests for theuse of hardware resources from various applications to commands that areinterpretable by the OS layer 103 and passes the commands to the OSlayer 103. The software of the OS layer 103 executes the commands andaccordingly the hardware resources perform operations according to therequests from the applications.

Similarly, the operation unit 20 includes the application layer 201, aservice layer 202, and an OS layer 203. The application layer 201, theservice layer 202, and the OS layer 203 of the operation unit 20 havethe same layer structure as that of the main unit 10. Note that thefunction provided by the application of the application layer 201 andthe types of operation requests acceptable by the service layer 202 aredifferent from those of the main unit 10. The application of theapplication layer 201 is software for providing a given function bycausing the hardware resource of the operation unit 20 to operate. It issoftware mainly for providing the function of a user interface (UI) forperforming operations relating to the functions of the main unit 10 (thecopy function, the scanner function, the facsimile function, and theprinter function) and for making displays.

In the exemplary first embodiment, in order to maintain independencybetween the functions, the software of the OS layer 103 of the main unit10 and the software of the OS layer 203 of the operation unit 20 aredifferent from each other. In other words, the main unit 10 and theoperation unit 20 operate independently of each other on operatingsystems that are different from each other. For example, Linux(Trademark) may be used as the software of the OS layer 103 of the mainunit 10 and Android (Trademark) may be used as the software of the OSlayer 203 of the operation unit 20.

Operating the main unit 10 and the operation unit 20 on the differentoperating systems causes communications between the main unit 10 and theoperation unit 20 not between processes in a common device but betweendifferent devices. The communications correspond to, for example, anoperation (command communication) of the operation unit 20 to transmitan accepted input (the content of an instruction from the user) to themain unit 10 and an operation of the main unit 10 to notify theoperation unit 20 of an event. Here, the operation unit 20 communicatesa command to the main unit 10 and accordingly the function of the mainunit 10 can be used. The event of which the operation unit 20 isnotified by the main unit 10 is, for example, the operation executioncondition in the main unit 10 and the content of a setting made in themain unit 10.

In the exemplary first embodiment, because power is supplied to theoperation unit 20 from the main unit 10 via the communication path 30,the power supply control on the operation unit 20 can be performeddifferently from (independently of) power control on the main unit 10.

In the exemplary first embodiment, the main unit 10 and the operationunit 20 are connected electrically and physically via the communicationpath 30; however, as described above, the operation unit 20 isdetachable from the main unit 10. In this case, each of the main unit 10and the operation unit 20 is provided with a short-distance wirelesscommunication unit, such as an infrared communication unit, an RFcommunication unit, a Bluetooth (trademark) communication unit, where RFis an abbreviation of “radio frequency”. Alternatively, each of the mainunit 10 and the operation unit 20 may be provided with a wireless LANcommunication function of, for example, Wi-Fi (trademark) to enablemutual communications via a wireless LAN access point (wireless LANAP)41 and the network 40 as shown in FIG. 2, where LAN is an abbreviationof “local area network”. When the operation unit 20 is detachable fromthe main unit 10, the operation unit 20 stores power supplied from themain unit 10 via the communication path 30 in a secondary battery and,when the operation unit 20 is detached from the main unit 10, operatesby using the power stored in the secondary battery and communicates withthe main unit 10.

Function of Operation Unit

FIG. 3 shows a functional block diagram of the main unit 10 and theoperation unit 20 of the MFP 1. According to FIG. 3, the operation unit20 includes a first authentication unit 53, a prioritized usermanagement unit 54, an IC card control unit 55, and a first powermanagement unit 56. The CPU 21 shown in FIG. 1 executes at least oneprogram that is installed in the operation unit 20 and accordingly eachof these units operates. The operation unit 20 stores a userauthentication program 51 that enables conduction control on each uniton a user authentication process and on user authentication. Theoperation unit 20 further stores an address book 60 b, a login successhistory 61 b, a prioritized user list 52 obtained by listing prioritizeduser information generated from the login success history 61 b, andoperating mode information 65 a. These sets of information are stored inthe ROM 22, the RAM 23, etc., shown in FIG. 1 (or may be stored in theflash memory 24 or in another storage device, such as a HDD (not shownin FIG. 1)). These sets of information may be stored in a storage deviceconnectable to an auxiliary storage device of the operation unit 20 orthe operation unit 20 via the network.

The first authentication unit 53 is an exemplary authentication unit.The first authentication unit 53 collates the card ID that is read fromthe IC card of the user on a login with the address book 60 b stored inthe operation unit 20. When the card ID is stored in the address book 60b, the first authentication unit 53 performs the user authenticationprocess. When the card ID is not stored in the address book 60 b, thefirst authentication unit 53 recognizes the IC card as an unregisteredIC card that is used by the user on which user authentication has beenperformed and performs a process of registering the new IC card.

The prioritized user management unit 54 controls acquisition and updateof an address book 60 a and a login success history 61 a from the mainunit 10. The prioritized user management unit 54 controls generation andupdate of the prioritized user list 52. The IC card control unit 55controls contactless wireless communications with the IC card via the ICcard I/F 29.

Note that the user can manually register a user subjected to userauthentication in the prioritized user list 52. When manuallyregistering a user subjected to user authentication, the prioritizeduser management unit 54 stores the card ID, the user ID, and thepassword of the user subjected to authentication that is input byperforming a manual operation in the address book 60 a of the main unit10. The prioritized user management unit 54 registers, in theprioritized user list 52 as the login success data information, the cardID, the user ID, and the input date of the user subjected toauthentication, which is the user that is input by performing the manualoperation.

The first power management unit 56 is an exemplary first powermanagement unit. The first power management unit 56 reads the operatingmode information 65 a representing an operating mode that is previouslyset by, for example, a user and performs power supply control on theoperation unit 20 on transition of the energy-saving mode and performspower supply control on the operation unit 20 on recovery of theenergy-saving mode.

The exemplary first embodiment will be described in which it is assumedthat the first authentication unit 53, the prioritized user managementunit 54, the IC card control unit 55, and the first power managementunit 56 are implemented as software according to the user authenticationprogram 51. Part of or all the first authentication unit 53, theprioritized user management unit 54, the IC card control unit 55, andthe first power management unit 56 may be implemented by using hardware,such as an integrated circuit (IC). In other words, those skilled in theart can carry out the present invention by using a device configured byconnecting an application specific integrated circuit (ASIC) and aconventional circuit module. Each of the functions of the firstembodiment can be implemented by using at least one processing circuit.Note that the “processing circuit” herein includes a processor that isprogrammed such that software implements each function and hardware,such as an ASIC and a circuit module that are designed to implement eachfunction.

The user authentication program 51 may be provided by recording it in afile in an installable or executable form in a computer-readablerecording medium, such a CD-ROM or a flexible disk (FD). Alternatively,the user authentication program 51 may be provided by recording it in acomputer-readable recording medium, such as a CD-R, a DVD, a Blu-raydisc (trademark), or a semiconductor memory, where DVD is anabbreviation of “digital versatile disk”. The user authenticationprogram 51 may be provided in a way that it is installed via a network,such as the Internet. Alternatively, the user authentication program 51may be provided by previously incorporating it in the ROM in the device.

Function of Main Unit

According to FIG. 3, in the main unit 10, various application programsincluding a copy application 58 a, a FAX application 58 b, a scannerapplication 58 c, and a printer application 58 d are stored. The copyapplication 58 a is an application program for implementing the copyfunction by controlling a scanner engine and a plotter engine of theengine 17 shown in FIG. 1. The FAX application 58 b is an applicationprogram for implementing the facsimile function by controlling a FAXmodem 19 shown in FIG. 1.

The scanner application 58 c is an application program for implementingthe scanner function by controlling the scanner engine of the engine 17.The printer application 58 d is an application program for printing arequested image or characters on paper sheet.

The CPU 11 of the main unit 10 functions as a second authentication unit62, a user management unit 63, and a second power management unit 64according to the user authentication program (not shown) of the mainunit 10. The user management unit 63 controls write/read of the masterinformation in/from the address book 60 a in the HDD 14. The usermanagement unit 63 controls write/read of login success historyinformation in/from the login success history 61 a. The user managementunit 63 further controls transfer of the address book 60 a and the loginsuccess history 61 a to the operation unit 20. Basen on the masterinformation that is stored in the address book 60 a, the secondauthentication unit 62 performs the user authentication process on theuser on which the operation unit 20 cannot perform user authentication.

The second power management unit 64 reads operating mode information 65b representing the operating mode that is previously set by, forexample, the user and performs power supply control on the main unit ontransition of energy-saving mode and performs power supply control onthe main unit 10 on recovery of energy-saving mode.

The exemplary first embodiment will be further described in which it isassumed that the second authentication unit 62, the user management unit63, and the second power management unit 64 are implemented as softwareaccording to the user authentication program of the main unit 10. Notethat at least one of the second authentication unit 62, the usermanagement unit 63, and the second power management unit 64 may beimplemented by using hardware, such as an integrated circuit (IC), asdescribed above.

The user authentication program of the main unit 10 may be provided byrecording it in a file in an installable or executable form in acomputer-readable recording medium, such as a CD-ROM or a flexible disk(FD). Alternatively, the user authentication program of the main unit 10may be provided by recording it in a computer-readable recording medium,such as a CD-R, DVD, a Blu-ray disc (trademark), or a semiconductormemory, where DVD is an abbreviation of “digital versatile disk”.Alternatively, the user authentication program of the main unit 10 maybe provided by installing it via the network, such as the Internet. Theuser authentication program of the main unit 10 may be provided byincorporating it in, for example, the ROM of the device in advance.

User Authentication Operation

A user authentication process performed by the MFP 1 of the firstembodiment will be described with reference to the flowchart of FIG. 5.The user authentication process shown in the flowchart in FIG. 5 isperformed on the premise that the prioritized user management unit 54 ofthe operation unit 20 acquires the address book 60 a and the loginsuccess history 61 a that are stored in, for example, the HDD 14 of themain unit 10 and stores them in, for example, the RAM 23 of theoperation unit 20 when the MFP 1 is started (when the main power isturned on), just before transition to the energy-saving mode, or atgiven intervals. The address book 60 b is a copy of the address book 60a that is stored in the main unit 10. Similarly, the login successhistory 61 b is a copy of the login success history 61 a that is storedin the main unit 10. The prioritized user management unit 54 acquiresthe login success history information on each of a given number of usersstarting from the user corresponding to the latest login date from thelogin success history 61 b and stores the login success historyinformation as information on the user subjected to authenticated in,for example, the prioritized user list 52 in the RAM 23. Accordingly,the user authentication process in the flowchart of FIG. 5 can beexecuted.

In the IC card 5, for example, as shown in FIG. 4, unique identificationinformation (a card ID) is stored. FIG. 4 shows the example in which acard ID of “01010310DA09D027” is stored. When a contactless wirelesscommunication with the IC card 5 is enabled, the IC card control unit 55controls the card reader 6 such that the card reader 6 reads the card IDattached to the IC card 5.

In the exemplary first embodiment, the card ID is read from the IC card5. For example, in the IC card 5, in addition to the card ID, anothertype of authentication information, such as the user ID, is stored. Forthis reason, the IC card control unit 55 may read the other type ofauthentication information, such as the user ID, in addition to the cardID and use it for user authentication, which will be described below.

The entire user authentication process will be described with referenceto the flowchart of FIG. 5. At step S1 in the flowchart of FIG. 5, theoperation unit 20 displays a message inducing an operation for loggingin the MFP 1, such as “Log in”, on the operation panel 27. The user whorequires the use of the functions of the MFP 1 moves the IC card 5 ofthe user closer to the card reader 6. Accordingly, contactless wirelesscommunications are started between the IC card 5 and the card reader 6.

At step S2, the IC card control unit 55 monitors whether a contactlesswireless communication between the IC card 5 and the card reader 6 isstarted. Upon detecting that a contactless wireless communicationbetween the IC card 5 and the card reader 6 is started, the IC cardcontrol unit 55 determines that the card reader 6 detects the IC card 5(YES at step S2) and the process moves to step S3. The IC card controlunit 55 continues displaying the message inducing a login operation atstep S1 until the IC card control unit 55 detects the start of acontactless wireless communication between the IC card 5 and the cardreader 6 (NO at step S2).

Once a contactless wireless communication with the IC card 5 is enabled,the IC card control unit 55 controls the card reader 6 such that itreads the card ID that has been described with reference to, forexample, FIG. 4. Note that, as described above, another type ofauthentication information, such as the user ID, may be read in additionto the card ID.

At step S3, the first authentication unit 53 then collates the card ID,which is read, with each set of master information in the address book60 b that is copied in, for example, the RAM 23 of the operation unit20. The first authentication unit 53 then determines whether the cardID, which is read, is registered in the address book 60 b.

The fact that the card ID read from the IC card 5 is registered in theaddress book 60 b means that the IC card 5 that is currently used by theuser is the IC card 5 that is already registered in the address book 60a and the address book 60 b. In this case, the first authentication unit53 determines that the IC card 5 is not an unregistered card (isregistered) (NO at step S3), and the process moves to step S13.

On the other hand, the fact that the card ID that is read from the ICcard 5 is not registered in the address book 60 b means that the IC card5 that is currently used by the user is a new IC card that is notregistered in the address book 60 a and the address book 60 b. In thiscase, the first authentication unit 53 determines that the IC card 5 isan unregistered card (is not registered) (YES at step S3), and theprocess moves to step S4.

The process from step S13 to step S17 in the flowchart of FIG. 5 showsthe flow of the user authentication process. The process from step S4 tostep S12 shows the flow of the process of registering a new IC card 5.When the card ID that is read from the IC card 5 is registered in theaddress book 60 b, the user authentication process from step S13 to stepS17 is executed. On the other hand, when the card IC that is read fromthe IC card 5 is not registered in the address book 60 b, the process ofregistering a new IC card 5 from step S4 to step S12 is executed.

Process of Registering New IC Card

When the card ID that is read from the IC card 5 is not registered inthe address book 60 b and accordingly the process moves to the processof registering a new IC card 5, the first authentication unit 53displays a screen for inputting the user ID and the password on, forexample, the operation panel 27 at step S4. The first authenticationunit 53 induces the user who uses the IC card 5 whose card ID is notregistered to input the user ID and the password. The user operates theoperation panel 27 to input the user ID and the password that were usedto register another IC card 5.

In other words, the MFP 1 of the first embodiment is the MFP 1 that onlyauthorized users are permitted to use. For this reason, if the user isan authorized user, master information containing the card ID, the userID, and the password that were registered in the past should have beenregistered in the address book 60 b (and the address book 60 a). When anauthorized user uses a new IC card 5, the card ID that is read from theIC card 5 is a card ID that is not registered in the address book 60 b.For this reason, when the card ID that is read from the IC card 5 is notregistered in the address book 60 b, the first authentication unit 53requires the user to input the user ID and the password at step S4.

The first authentication unit 53 then collates the user ID and thepassword that are input by the user with the master information on eachuser in the address book 60 b. The fact that the user ID and thepassword that are input by the user are registered in the address book60 b means that the user is an authorized user who performed userregistration with a different IC card 5 in the past. In this case, thefirst authentication unit 53 determines that authentication succeeds atstep S5 (YES at step S5) and the process moves to step S6.

On the other hand, the fact that the user ID and the password that areinput by the user are not registered in the address book 60 b impliesthat the user is highly likely an unauthorized user, while it is alsoassumed that the user ID or (and) the password were input incorrectly.In this case, the first authentication unit 53 determines thatauthentication fails (NO at step S5) and the process moves to step S12where the user is required to input the user ID and the password again.The user then re-inputs the user ID and the password.

Each time the user re-inputs the user ID and the password, the firstauthentication unit 53 collates them with the address book 60 b todetermine whether authentication succeeds or fails. The firstauthentication unit 53 counts errors in inputting the user ID and thepassword. Upon counting an input error for a given number of times, forexample, for three times (the upper limit of failure is reached: YES atstep S12), the process moves to step S11. At step S11, the firstauthentication unit 53 registers the card ID as a card ID of anunauthorized IC card 5 in the RAM 23 and transfers the card ID to theuser management unit 63 of the main unit 10. The user management unit 63of the main unit 10 registers the transferred card ID as a card ID of anunauthorized IC card 5 in, for example, the HDD 14 of the main unit 10.

On the other hand, the fact that the user ID and the password that areinput by the user are registered in the address book 60 b means that theuser who input the user ID and the password is an authorized user andthe IC card 5 currently used is a new IC card (unregistered IC card) 5.In this case, the process moves to step S6 where the prioritized usermanagement unit 54 registers, in the address book 60 b, new masterinformation in which the card ID of the new IC card 5 and the user IDand the password that are input by the user are associated with oneanother, and the process moves to step S7. The prioritized usermanagement unit 54 transfers the new master information to the usermanagement unit 63 of the main unit 10. The user management unit 63 ofthe main unit 10 registers the new master information in the addressbook 60 a.

At step S7, the user management unit 63 generates login success historyinformation in which the card ID of the new IC card 5, the user ID thatis input from the user, and the login success date informationrepresenting the current date are associated with one another andregisters the login success history information in the login successhistory 61 b as login success history information on the latest date.The user management unit 63 also transfers the login success historyinformation on the latest date to the user management unit 63 of themain unit 10. The user management unit 63 registers the transferredlogin success history information on the latest date in the loginsuccess history 61 a.

In the login success history 61 b, sets of login success historyinformation in each of which a user ID and a card ID are associated witheach other are registered according to the descending order of loginsuccess dates. Among the sets of login success history information thatare registered in the login success history 61 b, sets of login successhistory information on a pre-determined number of users are registeredin, for example, the RAM 23 of the operation unit 20 as the prioritizeduser list 52.

Specifically, the prioritized user list 52 defines the number of usersthat can be registered, for example, 300. The login success historyinformation on 300 users counted from the user corresponding to thelatest login date is read from the login success history 61 b and thelogin success history information is registered in the prioritized userlist 52, for example, when the MFP 1 is started (when the main power isturned on), just before transition to the energy-saving mode, or atgiven intervals. When the number of users on which login success historyinformation is currently registered in the login success history 61 b issmaller than a possible upper limit of registration, the login successhistory information on 150 users currently registered in the loginsuccess history 61 b is registered in the prioritized user list 52.

The possible upper limit of registration in the prioritized user list 52is determined as described above. When new login success historyinformation is registered in the login success history 61 b, theprioritized user list 52 has to be simultaneously updated to onecontaining the new login success history information. For this reason,the prioritized user management unit 54 determines whether the number ofsets of login success history information registered in the prioritizeduser list 52 reaches the upper limit (300) at step S7. When it isdetermined that the number of sets of login success history informationregistered in the prioritized user list 52 does not reach the upperlimit (NO at step S8), the process moves to step S9.

When it is determined that the number of sets of login success historyinformation registered in the prioritized user list 52 reaches the upperlimit (YES at step S8), the process moves to step S10. At step S10, theprioritized user management unit 54 deletes, for example, the set oflogin success history information on the oldest login success date fromthe prioritized user list 52, and the process moves to step S9.

According to the exemplary first embodiment, when it is determined thatthe number of sets of login success history information registered inthe prioritized user list 52 reaches the upper limit, the set of loginsuccess history information on the oldest login success date is deletedfrom the prioritized user list 52. Then the new login success historyinformation is registered in the prioritized user list 52.

When it is determined that the number of sets of login success historyinformation registered in the prioritized user list 52 reaches the upperlimit, multiple sets of login success history information on, forexample, 10 users counted from the set of login success historyinformation on the oldest login success date may be deleted. Thereafter,until the number of sets of registered login success history informationreaches the upper limit, new login success history information may beregistered in the prioritized user list 52.

In addition to the card ID, the user ID, and the login success history,login frequency (frequency at which the MFP 1 is used), the group towhich the user belongs, and the job title of the user may be registeredin the prioritized user list 52 to automatically choose subjects to bedeleted according to those types of registered information.

The upper limit of possible registration in the prioritized user list 52may be automatically or manually added, for example, from 300 to 310.

The prioritized user list 52 may be stored in a storage medium, such asa semiconductor memory card or a magnetic card, such that theprioritized user list 52 is transferrable to an apparatus, such as aanother MFP 1.

Then, at step S9, the prioritized user management unit 54 registers thenew login success history information, which is registered in the loginsuccess history 61 b, in the prioritized user list 52 as the latestlogin success history information.

Thereafter, the process moves to step S16 where the CPU 11 of the mainunit 10 controls the engine 17 to cause the CPU 11 of the main unit 10to provide a function corresponding to the user authority. At step S16,the CPU 11 of the main unit 10 provides a given function until a logoutoperation performed by the user or timeout is detected at step S17 (NOat step S17).

User Authentication Process

Then, when the card ID that is read from the IC card 5 is registered inthe address book 60 b, the process moves to the user authenticationprocess from step S13 to step S17. At step S13, the first authenticationunit 53 collates the card ID that is read from the IC card 5 with theprioritized user list 52. At step S14, the first authentication unit 53determines whether the login success history information correspondingto the card ID is registered in the prioritized user list 52. Theprioritized user list is a user list of users who succeeded in loginrecently (within, for example, one hour or two days).

When the login success history information corresponding to the card IDcannot be detected from the prioritized user list 52 (NO at step S14),the process moves to step S7. At step S7, the prioritized usermanagement unit 54 generates new login success history information byassociating the card ID that is read from the IC card 5, the user IDcorresponding to the card ID, and the login success date informationrepresenting the current date with one another and registers the newlogin success history information in the login success history 61 b.Furthermore, the prioritized user management unit 54 transfers thegenerated new login success history information to the user managementunit 63 of the main unit 10. The user management unit 63 of the mainunit 10 updates the login success history 61 a stored in, for example,the HDD 14 of the main unit 10 according to the transferred new loginsuccess history information.

Furthermore, the prioritized user management unit 54 determines, at stepS7 and step S8, whether the number of sets of login success historyinformation registered in the prioritized user list 52 reaches the upperlimit. When the number of sets of login success history informationreaches the upper limit, the prioritized user management unit 54 deletesa given number of sets of login success history information at step S10.The prioritized user management unit 54 then registers new login successhistory information in the prioritized user list 52 at step S9.

Thereafter, the process moves to step S16 where the CPU 11 of the mainunit 10 controls the engine 17 to cause the CPU 11 of the main unit 10to provide a function corresponding to the user authority. The CPU 11 ofthe main unit 10 provides a given function until a logout operationperformed by the user or timeout is detected at step S17 (NO at stepS17).

On the other hand, when, at step S14, the login success historyinformation corresponding to the card ID is detected in the prioritizeduser list 52 (YES at step S14), the process moves to step S15. At stepS15, the prioritized user management unit 54 updates the login successdate information in the login success history information correspondingto the card ID, which is information that is detected from theprioritized user list 52, to the current date.

Accordingly, the login success history information on the IC card thatis currently used by the user is registered in the prioritized user list52 as the latest login success history information. Once the prioritizeduser management unit 54 performs the process of updating the prioritizeduser list 52, the prioritized user management unit 54 updates the loginsuccess history 61 b according to the latest login success historyinformation and transfers the latest login success history informationto the user management unit 63 of the main unit 10. The user managementunit 63 updates the login success history 61 a that is stored in, forexample, the HDD 14 of the main unit 10 according to the transferredlatest login success history information.

Then, when the prioritized user list 52 is updated, the process moves tostep S16 where the engine 17 is controlled such that the CPU 11 of themain unit 10 provides a function corresponding to the user authority.The CPU 11 of the main unit 10 provides a given function at step S16until when a logout operation performed by the user or timeout isdetected at step S17 (NO at step S17).

Power Supply Control

When the card reader 6 is connected to the main unit of the MFP 1 and isdriven, power supply to the card reader 6 is turned on/off according tothe energy-saving mode of the main unit and an inconvenience occurs inthat the energy-saving mode of the operation unit transitions. For thisreason, when the main unit transitions to the energy-saving mode, it isnecessary to maintain the energy-saving mode of the main unit at a“silent state (silent mode)” or higher in order for login using the ICcard. In the silent mode, the engine of the main unit is kept driven,which causes an inconvenience in that the life of the engine shortens.

For this reason, in the MFP 1 of the first embodiment, the main unit 10and the operation unit 20 are physically different devices and the cardreader 6 is connected to the operation unit 20 that is separated fromthe main unit 10. Furthermore, it is determined whether it is possibleto perform a login with an IC card 5 in the energy-saving mode accordingto transition not of the energy-saving mode of the main unit 10 but ofthe energy-saving mode of the operation unit 20.

FIG. 6 shows energy-saving modes of the main unit 10, energy-savingmodes of the operation unit 20, and operating modes of the card reader6. An energy-saving mode is a mode where power consumption is reduced bystopping power supply to a given hardware resource. The main unit 10 andthe operation unit 20 have multiple energy-saving modes.

For example, the main unit 10 has, as the energy-saving modes, a“standby mode (standby state)”, a “low-power mode (low-power state)”, a“silent mode (silent state)”, an “engine-off mode (engine-off)”, and a“suspend to RAM (STR) mode”. The power consumption in the “standby mode(standby state)” is the highest and power consumption in the SIR mode isthe lowest. In the SIR mode, the current state is saved in the memory(RAM 13) and power supply to most devices, such as the CPU 11 and theHDD 14, is stopped.

For example, the operation unit 20 has, as the energy-saving modes, a“LCD-on mode (LCD ON)” in which the LCD of the operation panel 27 iskept on, a “LCD-off mode (LCD OFF)” in which the LCD of the operationpanel 27 is kept off, and a “sleep mode (SLEEP)” in which the LCD iskept off and conduction through most hardware resources is stopped.

Furthermore, the card reader 6 has a “reader-on mode (Reader ON)” inwhich conduction is kept and a “reader-off mode (Reader OFF)” in whichpower is kept stopped. In the reader-on mode, it is possible to performcontactless wireless communications with the IC card 5. On the otherhand, in the reader-off mode, it is impossible to perform contactlesswireless communications with the IC card 5.

The operation panel 27 of the operation unit 20 is in the LCD-on mode orthe LCD-off mode, the first power management unit 56 of the operationunit 20 supplies power to the card reader 6. Accordingly, the cardreader 6 enters the reader-on mode where the card reader 6 is keptdriven, which makes it possible to perform a login operation with the ICcard 5. On the other hand, when the operation unit 20 enters the sleepmode, the first power management unit 56 of the operation unit 20 stopspower supply to the card reader 6. In this case, contactless wirelesscommunications with the IC card 5 cannot be performed and accordingly itis impossible to perform a login operation using the IC card 5.

When it is impossible to perform the login operation, it is possible torecover the operation unit 20 to the LCD-on mode by performing anoperation of touching the operation unit 20 or an operation of, forexample, setting an original on the main unit 10.

Even when the main unit 10 enters the engine-off mode, power is suppliedfrom the operation unit 20 to the card reader 6 by keeping theenergy-saving mode of the operation unit 20 not transitioning to theLCD-off mode or lower (not transitioning to the sleep mode), whichmaintains the reader-on mode of the card reader 6. Accordingly, it ispossible to perform a login operation with the IC card 5.

In the MFP 1 of the first embodiment, conditions for recovering from theenergy-saving mode with the IC card 5 can be set finely. In other words,assume that the card reader 6 is connected to the main unit 10 of theMFP 1 and the address book 60 a of the main unit 10 or theauthentication server device that is connected to the main unit 10 viathe network is used to perform the user authentication process. In thiscase, in order to perform the login operation with the IC card 5 in anenergy-saving mode, for example, it is necessary to start the HDD 14 inwhich the address book 60 a of the main unit 10 is saved or communicatewith the authentication server device on the network 40.

For this reason, the MFP 1 of the first embodiment connects the cardreader 6 not to the main unit 10 but to the operation unit 20. Then theuser authentication process is performed only by the operation unit 20by using the address book 60 b that is previously cached from the mainunit 10 in the operation unit 20. Accordingly, without recovering themain unit 10 from the energy saving mode, user authentication can beperformed with the IC card 5. In other words, without depending on themain unit 10, the user authentication process can be performed by onlythe operation unit 20.

When the card reader 6 is connected to the main unit 10 of the MFP 1 andthe main unit 10 transitions to an energy-saving mode, power is notsupplied to the card reader 6, which makes it difficult to perform acontactless wireless communication with the IC card 5. This problem islikely to be solved by keeping the energy-saving mode of the main unittransitioning to only energy saving modes in which power supply can besupplied to the card reader 6 and by enabling power supply to the cardreader 6 for, for example, 10 hours at maximum. After 10 hours, however,power is not supplied to the card reader 6, which makes it difficult torecover the main unit 10 from the energy saving mode with the IC card 5.In this case, it is necessary to recovery the main unit 10 from theenergy-saving mode by performing a touch operation on the operation unitor setting an original on the main unit.

For this reason, in the MFP 1 of the first embodiment, it is possible toconnect the card reader 6 to the operation unit 20 and set conditionsfor transition of the energy-saving mode differently between theoperation unit 20 and the main unit 10. This allows user authenticationwith the IC card 5 without recovering the main unit 10 from theenergy-saving mode. In other words, without depending on the main unit10, the user authentication process can be performed by only theoperation unit 20.

In the MFP 1 of the first embodiment, while the main unit 10 is causedto transition to the energy saving mode at the lowest power consumption,the operation unit 20 is only allowed to transition to energy savingmodes in which the card reader 6 can be kept supplied with power.Furthermore, in the MFP 1 of the first embodiment, the main unit 10 iskept in the standby mode without turning power off to enable all thefunctions at any time and the operation unit 20 is kept in the sleepmode.

The flowchart of FIG. 7 shows the flow of operations performed by themain unit 10 and the operation unit 20 to transition to givenenergy-saving modes. The flowchart starts when a given time, such asfive minutes, elapses after the main unit 10 and the operation unit 20enter the non-operation state or the non-communication state, and theprocess is executed from step S21.

At step S21, the CPU 11 of the main unit 10 and the CPU 21 of theoperation unit 20 communicate with each other to start the operation oftransitioning to energy-saving modes. According to the userauthentication program 51 that is stored in the ROM 22, the CPU 21 ofthe operation unit 20 functions as the first power management unit 56and refers to the operating mode information 65 a that is stored in theRAM 23.

The operating mode information 65 a and the operating mode information65 b of the main unit 10 to be described below are set by default, orare chosen by the user and set, and are stored in the RAM 23 and the HDD14. The first power management unit 56 refers to the operating modeinformation 65 a that is stored in the RAM 23 to determine whether alogin performance prioritized mode is set.

The login performance prioritized mode is a mode in which the operatingmode of the operation unit 20 is maintained at an energy-saving mode inwhich the card reader 6 connected to the operation unit 20 is able toread the authentication information of the IC card 5. When it isdetermined at step S22 that the login performance prioritized mode isset (YES at step S22), the process moves to step S24. When it isdetermined that the login performance prioritized mode is not set (NO atstep S22), the process moves to step S25.

At step S24 corresponding to the first process, because the loginperformance prioritized mode is set, the first power management unit 56causes transition of the operating mode of the operation unit 20 to thelowest energy-saving mode enabling power supply to the card reader 6,and the process of the flowchart of FIG. 7 ends.

The lowest energy-saving mode enabling power supply to the card reader 6is the LCD-off mode as shown in FIG. 6 in the first embodiment. In theLCD-off mode, while power consumption increases, it is possible toshorten the time from when the IC card 5 is held against the card reader6 in the energy-saving mode to when the login operation completes.

On the other hand, at step S25 corresponding to a second process, thelogin performance prioritized mode is not set, the first powermanagement unit 56 causes transition of the operating mode of theoperation unit 20 to the energy-saving mode in which power consumptionis the lowest, and the process of the flowchart of FIG. 7 ends.

In the energy-saving mode in which power consumption is the lowest isthe sleep mode in the first embodiment as shown in FIG. 6. While thesleep mode requires a time to complete a login operation by holding theIC card 5 against the card reader 6 in the energy-saving mode, itsignificantly reduces power consumption.

On the other hand, when the operation for transition to an energy-savingmode is started in the main unit 10, the CPU 11 functions as the secondpower management unit 64 according to the user authentication program.At step S23, the second power management unit 64 refers to the operatingmode information 65 b that is stored in the HDD 14 to determine whethera main unit energy-saving prioritized mode is set.

The main unit energy-saving prioritized mode is an operating mode of themain unit 10 in which conduction through most hardware resources of themain unit 10 is stopped to reduce power consumption. When it isdetermined at step S23 that the main unit energy-saving prioritized modeis set (YES at step S23), the process moves to step S26. When it isdetermined at step S23 that the main unit energy-saving prioritized modeis not set (NO at step S23), the process moves to step S27.

At step S26 corresponding to a fourth process, because the main unitenergy-saving prioritized mode is set, the second power management unit64 cause transition of the operating mode of the main unit 10 to thelowest energy-saving mode, and the process of the flowchart of FIG. 7ends. In the first embodiment, the lowest energy-saving mode is the STRmode as shown in FIG. 6. While the STR mode requires a time to recoverthe functions of the main unit 10, it significantly reduces powerconsumption.

On the other hand, at step S27 corresponding to a third process, becausethe main unit energy-saving prioritized mode is not set, the secondpower management unit 64 causes transition of the operating mode of themain unit 10 to the lowest energy-saving mode in which the engine 17 ofthe main unit 10 is kept at the on state, and the process of theflowchart of FIG. 7 ends.

In the first embodiment, the lowest energy-saving mode in which theengine 17 is kept at the on state is the silent mode as shown in FIG. 6.In the silent mode, while power consumption increases slightly, theengine 17 is kept driven and therefore the functions can be used anytime.

With reference to the flowchart of FIG. 8, an operation of recoveringthe main unit 10 and the operation unit 20 from the energy-saving modewill be described. The flowchart of FIG. 8 starts when the operationunit 20 transitions to the LCD-off mode that is the operating mode inwhich power is supplied to the card reader 6 in the state where the LCDof the operation panel 27 is off, and the process is sequentiallyperformed from step S31.

In the LCD-off mode, power is supplied from the operation unit 20 to thecard reader 6. For this reason, the card reader 6 is able to perform acontactless wireless communication at any time with the IC card 5. Oncea contactless wireless communication is started between the card reader6 and the IC card 5, the first power management unit 56 of the operationunit 20 starts an operation of recovery from the energy-saving mode andthe process moves to step S32.

At step S32, the first power management unit 56 refers to the operatingmode information 65 a that is stored in the RAM 23 to determine whetherthe engine life prioritized mode is set. The engine life prioritizedmode is an operating mode in which the engine 17 for the scannerfunction, the printing function, the FAX function, etc., of the mainunit 10 is not started and only the operation unit 20 is recovered fromthe energy-saving mode to enable, for example, the use of cloud servicesby performing operations on the screen. When the engine life prioritizedmode is set (YES at step S32), the process moves to step S33. When theengine life prioritized mode is not set (NO at step S32), the processmoves to step S34.

When it is determined that the engine life prioritized mode is set andaccordingly the process moves to step S33 corresponding to a sixthprocess, the first power management unit 56 transmits informationrepresenting that the engine life prioritized mode is set to notify thesecond power management unit 64 of the main unit 10 of the fact. At stepS33, according to the notification, the second power management unit 64of the main unit 10 recovers the operating mode of the main unit 10 tothe lowest energy-saving mode in which the engine 17 is not started.Then the process moves to step S35. In the first embodiment, the lowestenergy-saving mode in which the engine 17 is not driven is theengine-off mode as shown in FIG. 6.

On the other hand, when it is determined that the engine lifeprioritized mode is not set and accordingly the process moves to stepS34 corresponding to a fifth process, the first power management unit 56transmits information representing that the engine life prioritized modeis not set to notify the second power management unit 64 of the mainunit 10 of the fact. At step S34, according to the notification, thesecond power management unit 64 of the main unit 10 causes conductionthrough the engine 17, etc., and recovers the operating mode of the mainunit 10 to the standby mode that is the energy-saving mode in whichpower consumption is the highest. Then the process moves to step S35.

At step S35, the first power management unit 56 of the operation unit 20recovers the operating mode of the operation unit 20 to the LCD-on mode.Accordingly, when the engine life prioritized mode is set, in the statewhere the operating mode of the main unit 10 is kept in the engine-offmode in which the engine 17 is not driven, only the operation unit 20 isdriven, which makes it possible to acquire the authenticationinformation from the IC card 5 via the card reader 6. The firstauthentication unit 53 performs the above-described user authenticationprocess by using the authentication information that is acquired fromthe IC card 5.

Effect of First Embodiment

As is clear from the above descriptions, in the MFP 1 of the firstembodiment, it is possible to perform the user authentication process bystarting only the operation unit 20 without starting the main unit 10.This increases the life of the engine 17 of the main unit 10.

Second Embodiment

An authentication system 92 according to a second embodiment of thepresent invention will be described here. In the authentication system92 of the second embodiment, an authentication server device that isprovided on a network performs the above-described user authenticationprocess.

Hardware Configuration of Authentication System of Second Embodiment

FIG. 9 shows a hardware configuration of the authentication system 92according to the second embodiment. In FIG. 9, components performing thesame operations as those of the first embodiment are denoted with thesame reference numerals as those of the first embodiment. For thedetails of the operations, the descriptions of the first embodiment canbe referred to. As shown in FIG. 9, in the authentication system 92 ofthe second embodiment, the communication I/F 25 of the operation unit 20of the MFP 1 is connected to the network 40, such as the Internet, and acommunication I/F 75 of an authentication server device 70 is connectedto the network 40. Accordingly, the MFP 1 and the authentication serverdevice 70 are connected with each other via the network 40, whichconfigures the authentication system 92 of the second embodiment.

The authentication server device 70 is formed by connecting a CPU 71, aROM 72, a RAM 73, a HDD 74, and the communication I/F 75 with oneanother via a system bus 76.

The CPU 71 controls overall operations of the authentication serverdevice 70. The CPU 71 uses the RAM 73 as a work area and executes aprogram that is stored in, for example, the ROM 72 to control overalloperations of the authentication server device 70. The CPU 71 furtherexecutes the user authentication program that is stored in, for example,the ROM 72 to implement the user authentication operation that isdescribed with respect to the first embodiment. The communication I/F 75is an interface for communicating with the MFP 1 on the network 40.

In the RAM 73 (or another storage unit, such as a flash memory), theaddress book 60 b and the login success history 61 b that are previouslytransmitted from the operation unit 20 of the MFP 1 are stored. The CPU71 stores sets of login success history information on a given number ofusers from the latest login success history information as theprioritized user list 52 in the RAM 73.

Function of Authentication System according to Second Embodiment FIG. 10shows a functional block diagram of the authentication system 92 of thesecond embodiment. According to FIG. 10, the authentication serverdevice 70 includes the units of the prioritized user management unit 54including an authentication unit 77 and the prioritized user managementunit 54. The CPU 71 shown in FIG. 9 executes at least one program thatis installed in the authentication server device 70 and accordingly eachof the units operates. The authentication server device 70 stores theuser authentication program 51 for performing the above-described userauthentication process in the ROM 72 shown in FIG. 9. Furthermore, theauthentication server device 70 stores the address book 60 b and thelogin success history 61 b that are transferred from the main unit 10via the operation unit 20 and the prioritized user list 52 obtained bylisting the prioritized user information that is generated from thelogin success history 61 b. These types of information are stored in,for example, the ROM 72 and the RAM 73 shown in FIG. 9 (or anotherstorage device, such as the HDD 74 or a flash memory (not shown in FIG.9)).

The CPU 71 of the authentication server device 70 operates according tothe user authentication program 51 to function as the prioritized usermanagement unit 54 and function as the authentication unit 77corresponding to the first authentication unit 53 (FIG. 3) describedwith respect to the first embodiment.

Operation of Authentication System of Second Embodiment

In the authentication system 92, the operation unit 20 of the MFP 1transmits the address book 60 a that is stored in the main unit 10 asmaster information on each user to the authentication server device 70in advance. The authentication server device 70 stores the transmittedaddress book 60 a in, for example, the RAM 73 as the address book 60 b.Furthermore, on a login operation, the operation unit 20 of the MFP 1transmits the card ID that is read from the IC card 5 of the user to theauthentication server device 70 via the IC card I/F 29 according to theaction of the IC card control unit 55. The authentication unit 77 of theauthentication server device 70 performs user authentication bycollating the card ID, which is transmitted from the MFP 1, with theaddress book 60 b, which is stored in the authentication server device70. The CPU 71 generates login success history information in which theuser ID who succeeded in user authentication, the card ID, and the loginsuccess date information are associated with one another and stores thelogin success history information in, for example, the RAM 73 as thelogin success history 61 b. Furthermore, the authentication unit 77 ofthe authentication server device 70 stores sets of login success historyinformation on the given number of users from the set of login successhistory information on the latest login success date in, for example,the RAM 73 as the prioritized user list 52. This enables theabove-described user authentication process.

In other words, the operation unit 20 of the MFP 1 transmits the card IDthat is read by the IC card I/F 29 on a login operation to theauthentication server device 70. The authentication unit 77 of theauthentication server device 70 collates the card ID that is transmittedfrom the MFP 1 with the prioritized user list 52. When the card IDtransmitted from the MFP 1 is in any one of sets of login successhistory information in the prioritized user list 52, the authenticationunit 77 authenticates the user of the card ID, which is transmitted fromthe MFP 1, as an authorized user. The authentication result is thentransmitted to the operation unit 20 of the MFP 1 via the network 40.When the CPU 21 of the operation unit 20 obtains the authenticationresult representing that the user is an authorized user, the CPU 21 ofthe operation unit 20 communicates with the CPU 11 of the main unit 10to enable the use of the MFP 1.

Effect of Second Embodiment

In the authentication system 92 of the second embodiment, because theauthentication server device 70 performs the user authenticationprocess, the load of the MFP 1 can be reduced and the same effect asthat from the first embodiment can be obtained.

Third Embodiment

An authentication system 94 of a third embodiment of the invention willbe described. In the authentication system 94 of the third embodiment,multiple authentication server devices are provided on a network and theauthentication server devices share in performing the above-describeduser authentication process.

Configuration of Authentication System According to Third Embodiment

FIG. 11 shows a system configuration of the authentication system 94 ofthe third embodiment. In FIG. 11, the components performing the sameoperations as those of the first embodiment are denoted with the samereference numerals as those of the first embodiment. For the details ofthe operations, the descriptions of the first embodiment can be referredto. As shown in FIG. 11, the authentication system 94 of the thirdembodiment is configured by connecting a first server device 81 thatperforms a process of registering a new IC card, a second server device82 that performs user authentication, and the MFP 1 with one another viathe network 40.

The first server device 81 that performs the process of registering anew IC card is an exemplary first server device. The second serverdevice 82 that performs user authentication is exemplary second serverdevice. The MFP 1 has the configuration that is described above withreference to FIG. 1 and includes the CPU 11 and the engine 17. The MFP 1further includes the prioritized user management unit 54 and the IC cardcontrol unit 55 as described with reference to FIG. 3. As described withreference to FIG. 1, the MFP 1 includes the communication I/F 25 and theRAM 23.

The first server device 81 is a server device that performs the processof registering a new IC card that corresponds to the process from stepS4 to step S12 in the flowchart of FIG. 5. The first server device 81includes a first authentication unit 87 that is a function implementedby the CPU by executing the user authentication program. The firstauthentication unit 87 stores the address book 60 transmitted from theMFP 1 in the first server device 81. The first authentication unit 87stores the login success history information that is generated bycollating the card ID of the IC card, which is transmitted from the MFP1 on a login operation, with the address book 60 in the login successhistory 61 of the first server device 81.

The second server device 82 is a server device that performs a userauthentication process corresponding to the process from step S13 tostep S17 in the flowchart of FIG. 5. The second server device 82includes the second authentication unit 90 that is the functionimplemented by the CPU by executing the user authentication program. Thesecond server device 82 stores sets of login success history informationon the given number of users from the latest login success historyinformation, which is transmitted from the first server device 81, inthe prioritized user list 52 of the second server device 82.

Operation of Authentication System of Third Embodiment

In the authentication system 94, the operation unit 20 of the MFP 1transmits the address book 60 b in which master information on each useris stored to the first server device 81 in advance. The firstauthentication unit 87 of the first server device 81 stores thetransmitted address book 60 b in the address book 60 of the first serverdevice 81. The operation unit 20 of the MFP 1 transmits the card ID thatis read from the IC card 5 of the user via the IC card I/F 29 on a loginoperation to the first server device 81 and the second server device 82.

The first authentication unit 87 of the first server device 81 collatesthe card ID that is transmitted from the MFP 1 with the address book 60that is stored in the first server device 81 to perform userauthentication. Then the first authentication unit 87 generates loginsuccess history information in which the user ID of the user whosucceeded in a login, the card ID, and the login success dateinformation are associated with one another and stores the login successhistory information in the login success history 61 of the first serverdevice 81. Furthermore, the first authentication unit 87 of the firstserver device 81 reads sets of login success history information on thegiven number of users from the login success history information on thelatest login success date from the login success history 61 andtransmits the sets of login success history information to the secondserver device 82 via the network 40.

Furthermore, when the card ID transmitted from the MFP 1 is notregistered in the address book 60, the first authentication unit 87 ofthe first server device 81 issues, to the MFP 1, a request for inputtinguser information, such as the user ID and the password. The firstauthentication unit 87 collates the user information transmitted fromthe MFP 1 in response to the input request with the user information inthe address book 60 to perform user authentication. When an error ininputting user information is detected for multiple times as a result ofuser authentication, the first authentication unit 87 transmits theresult of user authentication representing that the user is anauthorized user to the MFP 1.

On the other hand, when the card ID transmitted from the MFP 1 isregistered in the address book 60, this means that an IC card of a newunregistered card ID is used. The first authentication unit 87 thereforeregisters the new card ID, the user ID, and the password in the addressbook 60. Furthermore, the first authentication unit 87 notifies the MFP1 of the new card ID, the user ID, and the password that are newlyregistered in the address book 60. The MFP 1 updates the address book(60 a) that is stored in, for example, the HDD 14 of the main unit 10according to the new card ID, the user ID, and the password that arenotified.

Furthermore, the first authentication unit 87 generates the latest loginsuccess history information in which the new card ID, the user ID, andthe login success date information are associated and registers thelatest login success history information in the login success history61. The first authentication unit 87 reads sets of login success historyinformation on the given number of users from the set of login successhistory information on the latest login success date from the loginsuccess history 61 and transmits the login success history informationto the second server device 82 via the network 40.

The second server device 82 stores the sets of login success historyinformation on the given number of users that are transmitted from thefirst server device 81 in the prioritized user list 52. The secondauthentication unit 90 of the second server device 82 collates the cardID transmitted from the MFP 1 with the prioritized user list 52. Whenthe card ID transmitted from the MFP 1 is in any one of the sets oflogin success history information in the prioritized user list 52, thesecond authentication unit 90 authenticates the user of the card ID,which is transmitted from the MFP 1, as an authorized user. Theauthentication result is then transmitted to the operation unit 20 ofthe MFP 1 via the network 40. When the operation unit 20 obtains theauthentication result representing that the user is an authorized userfrom the second server device 82, the operation unit 20 communicateswith the main unit 10 to enable the use of the MFP 1.

Effect of Third Embodiment

In the authentication system 94 of the third embodiment, because thefirst server device 81 and the second server device 82 share the userauthentication process, the load of the MFP 1, the first server device81, and the second server device 82 can be reduced significantly and thesame effect as that from the above-described first embodiment can beobtained.

The above-described embodiments are represented as examples only and arenot intended to limit the scope of the invention. These new embodimentscan be carried out in various modes, and various omissions,replacements, and changes can be made within the scope of the invention.

For example, according to the descriptions of the embodiments, theinvention is applied to the MFP 1 in which the operation unit 20 isdetachable from and attachable to the main unit 10; however, the sameeffect as that described above can be obtained even with an apparatus,such as a MFP, in which an operation unit is fixed to a main unit.

Because the MFP 1 of the embodiments is an example to which the presentinvention is applied, the present invention may be applied to any deviceother than the MFP 1, such as a projector device, a TV conferencesystem, or a digital camera, as long as the device performs userauthentication.

According to the embodiment, an effect is achieved it is possible toprevent an inconvenience that the life of the device is shortened due toconduction on user authentication.

The above-described embodiments are illustrative and do not limit thepresent invention. Thus, numerous additional modifications andvariations are possible in light of the above teachings. For example, atleast one element of different illustrative and exemplary embodimentsherein may be combined with each other or substituted for each otherwithin the scope of this disclosure and appended claims. Further,features of components of the embodiments, such as the number, theposition, and the shape are not limited the embodiments and thus may bepreferably set. It is therefore to be understood that within the scopeof the appended claims, the disclosure of the present invention may bepracticed otherwise than as specifically described herein.

The method steps, processes, or operations described herein are not tobe construed as necessarily requiring their performance in theparticular order discussed or illustrated, unless specificallyidentified as an order of performance or clearly identified through thecontext. It is also to be understood that additional or alternativesteps may be employed.

Further, any of the above-described apparatus, devices or units can beimplemented as a hardware apparatus, such as a special-purpose circuitor device, or as a hardware/software combination, such as a processorexecuting a software program.

Further, as described above, any one of the above-described and othermethods of the present invention may be embodied in the form of acomputer program stored in any kind of storage medium. Examples ofstorage mediums include, but are not limited to, flexible disk, harddisk, optical discs, magneto-optical discs, magnetic tapes, nonvolatilememory, semiconductor memory, read-only-memory (ROM), etc.

Alternatively, any one of the above-described and other methods of thepresent invention may be implemented by an application specificintegrated circuit (ASIC), a digital signal processor (DSP) or a fieldprogrammable gate array (FPGA), prepared by interconnecting anappropriate network of conventional component circuits or by acombination thereof with one or more conventional general purposemicroprocessors or signal processors programmed accordingly.

Each of the functions of the described embodiments may be implemented byone or more processing circuits or circuitry. Processing circuitryincludes a programmed processor, as a processor includes circuitry. Aprocessing circuit also includes devices such as an application specificintegrated circuit (ASIC), digital signal processor (DSP), fieldprogrammable gate array (FPGA) and conventional circuit componentsarranged to perform the recited functions.

What is claimed is:
 1. An apparatus comprising: a first unit configuredto provide a given function; and a second unit configured to beconnected to the first unit, the second unit including: an acquisitionunit configured to acquire authentication information from anauthentication medium; an authentication unit configured to use theacquired authentication information to perform a user authenticationprocess that enables the use of the function of the first unit; and afirst power management unit configured to, when the first unittransitions to an energy-saving mode in which power consumption isreduced by stopping power supply to a given hardware resource, cause thesecond unit to transition to the energy-saving mode while theacquisition unit is kept in a driven state and, on the userauthentication process, recover the second unit from the energy-savingmode such that the authentication unit performs the user authenticationprocess.
 2. The apparatus according to claim 1, wherein the first powermanagement unit performs any chosen one of a first process of causingthe second unit to transition to the energy-saving mode while theacquisition unit is kept in the driven state and a second process ofcausing the second unit to transition to an energy-saving mode in whichthe acquisition unit is kept in a stopped state and power consumption islower than that achieved by the first process.
 3. The apparatusaccording to claim 1, wherein the first unit includes a second powermanagement unit configured to cause the first unit to transition to anenergy-saving mode in which power consumption is reduced by stoppingpower supply to a given hardware resource, and the second powermanagement unit performs, on transition to the energy-saving mode, anychosen one of a third process of, after an engine of the first unitenters a driven state, causing the first unit to transition to theenergy saving mode and a fourth process of, after informationrepresenting a current condition is stored in a storage unit, causingthe first unit to transition to an energy-saving mode in whichconduction is limited to the storage unit.
 4. The apparatus according toclaim 3, wherein the second power management unit performs, on the userauthentication process, any chosen one of a fifth process of causing theengine of the first unit to recover to the driven state and stand by anda sixth process of, on the user authentication process, keeping theengine in a stopped state to implement an energy-saving mode in whichpower consumption is the lowest.
 5. The apparatus according to claim 1,further comprising a transmitter configured to transmit theauthentication information that is acquired by the acquisition unit fromthe authentication medium to an authentication server device on a givennetwork, wherein the authentication unit uses an authentication resultthat is sent back from the authentication server device to perform theuser authentication process.
 6. The apparatus according to claim 5,wherein the authentication server device includes at least a firstserver device and a second server device, the first server device usesthe authentication information that is transmitted from the transmitterto perform the user authentication process and transmits historyinformation on an authentication result representing that a user isauthenticated as an authorized user, the second server device collatesthe history information that is received from the first server devicewith the authentication information that is transmitted from thetransmitter to perform the user authentication process and transmits anauthentication result, and the authentication unit uses theauthentication result that is sent back from the second server device toperform the user authentication process.
 7. An authentication processmethod performed by an authentication system including a first unit thatprovides a given function and a second unit that is connected to thefirst unit, the authentication process method comprising: acquiringauthentication information from an authentication medium, the acquiringperformed by an acquisition unit of the second unit; using the acquiredauthentication information to perform a user authentication process thatenables the use of the function of the first unit, the using performedby an authentication unit of the second unit; and when the first unittransitions to an energy-saving mode in which power consumption isreduced by stopping power supply to a given hardware resource, causingthe second unit to transition to the energy-saving mode while theacquisition unit is kept in a driven state and, on the userauthentication process, recovering the second unit from theenergy-saving mode such that the authentication unit performs the userauthentication process, the causing and the recovering performed by afirst power management unit of the second unit.
 8. The authenticationprocess method according to claim 7, wherein in the causing and therecovering, it is performed any chosen one of a first process of causingthe second unit to transition to the energy-saving mode while theacquisition unit is kept in the driven state and a second process ofcausing the second unit to transition to an energy-saving mode in whichthe acquisition unit is kept in a stopped state and power consumption islower than that achieved by the first process.
 9. The authenticationprocess method according to claim 7, wherein the first unit includes asecond power management unit configured to cause the first unit totransition to an energy-saving mode in which power consumption isreduced by stopping power supply to a given hardware resource, and it isperformed, by the second power management unit, on transition to theenergy-saving mode, any chosen one of a third process of, after anengine of the first unit enters a driven state, causing the first unitto transition to the energy saving mode and a fourth process of, afterinformation representing a current condition is stored in a storageunit, causing the first unit to transition to an energy-saving mode inwhich conduction is limited to the storage unit.
 10. The authenticationprocess method according to claim 9, wherein It is performed, by thesecond power management unit, on the user authentication process, anychosen one of a fifth process of causing the engine of the first unit torecover to the driven state and stand by and a sixth process of, on theuser authentication process, keeping the engine in a stopped state toimplement an energy-saving mode in which power consumption is thelowest.
 11. The authentication process method according to claim 7,further comprising transmitting the authentication information that isacquired by the acquisition unit from the authentication medium to anauthentication server device on a given network, Wherein, by theauthentication unit, an authentication result that is sent back from theauthentication server device is used to perform the user authenticationprocess.
 12. The authentication process method according to claim 11,wherein the authentication server device includes at least a firstserver device and a second server device, by the first server device,the authentication information that is transmitted from the transmitteris used to perform the user authentication process and historyinformation is transmitted on an authentication result representing thata user is authenticated as an authorized user, by the second serverdevice, the history information that is received from the first serverdevice is collated with the authentication information that istransmitted from the transmitter to perform the user authenticationprocess and an authentication result is transmitted, and by theauthentication unit, the authentication result that is sent back fromthe second server device is used to perform the user authenticationprocess.
 13. A computer program product containing an authenticationprocess program executed by an authentication system including a firstunit that provides a given function and a second unit that is connectedto the first unit, the program causes a computer of the second unit toexecute acquiring authentication information from an authenticationmedium, the acquiring performed by an acquisition unit of the secondunit; using the acquired authentication information to perform a userauthentication process that enables the use of the function of the firstunit, the using performed by an authentication unit of the second unit;and when the first unit transitions to an energy-saving mode in whichpower consumption is reduced by stopping power supply to a givenhardware resource, causing the second unit to transition to theenergy-saving mode while the acquisition unit is kept in a driven stateand, on the user authentication process, recovering the second unit fromthe energy-saving mode such that the authentication unit performs theuser authentication process, the causing and the recovering performed bya first power management unit of the second unit.
 14. The computerprogram product according to claim 13, wherein in the causing and therecovering, it is performed any chosen one of a first process of causingthe second unit to transition to the energy-saving mode while theacquisition unit is kept in the driven state and a second process ofcausing the second unit to transition to an energy-saving mode in whichthe acquisition unit is kept in a stopped state and power consumption islower than that achieved by the first process.
 15. The computer programproduct according to claim 13, wherein the first unit includes a secondpower management unit configured to cause the first unit to transitionto an energy-saving mode in which power consumption is reduced bystopping power supply to a given hardware resource, and it is performed,by the second power management unit, on transition to the energy-savingmode, any chosen one of a third process of, after an engine of the firstunit enters a driven state, causing the first unit to transition to theenergy saving mode and a fourth process of, after informationrepresenting a current condition is stored in a storage unit, causingthe first unit to transition to an energy-saving mode in whichconduction is limited to the storage unit.
 16. The computer programproduct according to claim 15, wherein It is performed, by the secondpower management unit, on the user authentication process, any chosenone of a fifth process of causing the engine of the first unit torecover to the driven state and stand by and a sixth process of, on theuser authentication process, keeping the engine in a stopped state toimplement an energy-saving mode in which power consumption is thelowest.
 17. The computer program product according to claim 13, furthercomprising transmitting the authentication information that is acquiredby the acquisition unit from the authentication medium to anauthentication server device on a given network, Wherein, by theauthentication unit, an authentication result that is sent back from theauthentication server device is used to perform the user authenticationprocess.
 18. The computer program product according to claim 17, whereinthe authentication server device includes at least a first server deviceand a second server device, by the first server device, theauthentication information that is transmitted from the transmitter isused to perform the user authentication process and history informationis transmitted on an authentication result representing that a user isauthenticated as an authorized user, by the second server device, thehistory information that is received from the first server device iscollated with the authentication information that is transmitted fromthe transmitter to perform the user authentication process and anauthentication result is transmitted, and by the authentication unit,the authentication result that is sent back from the second serverdevice is used to perform the user authentication process.